web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links include a remote installer endpoint intended to be piped to sh (https://cli.inference.sh) and a custom binary distribution host with checksums (dist.inference.sh) — a common malware distribution pattern unless the publisher is independently trusted and you verify downloads and checksums offline; the cloud JPEG and example.com placeholders are benign but don’t remove the risk of executing remote install scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and extract content from arbitrary web URLs using apps like tavily/extract and exa/extract (see the "Tavily Extract" and "Exa Extract" examples and the "Workflow: Extract + Summarize" section), meaning untrusted third-party page content is ingested and then used as input to LLMs — enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start instructs running "curl -fsSL https://cli.inference.sh | sh", which fetches and immediately executes a remote shell script from https://cli.inference.sh (with binaries from dist.inference.sh) and is required to install/run the infsh CLI used by the skill.